cPanel vulnerability patch: Three critical flaws fixed in WHM

The latest cPanel vulnerability patch arrives as cPanel and Web Host Manager (WHM) roll out updates that seal three newly disclosed flaws ↑ 3.

cPanel vulnerability fixes target privilege escalation, code execution, and denial-of-service

Security researchers identified CVE‑2026‑29201, CVE‑2026‑29202 and CVE‑2026‑29203, each carrying a ↓ 4.3 CVSS rating on average. The first issue stems from inadequate validation of feature file names in the “feature::LOADFEATUREFILE” adminbin call, opening a path for arbitrary code. A second flaw allows crafted input to trigger a denial-of-service in the WHM API, while the third grants elevated privileges through malformed session tokens. Administrators are urged to apply the updates immediately to prevent exploitation. The patches were disclosed in coordination with the vendor and have been publicly released on the cPanel security advisory page. For broader context on how cyber threats intersect with global stability, see our recent analysis of nuclear security dynamics. Leading outlets such as Reuters have highlighted the rising trend of supply‑chain attacks, underscoring why swift remediation matters.